Описание
Silverstripe CMS XSS Vulnerability
In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
Пакеты
Наименование
silverstripe/cms
composer
Затронутые версииВерсия исправления
<= 4.5.0
Отсутствует
Наименование
silverstripe/framework
composer
Затронутые версииВерсия исправления
>= 3.0.0, < 3.7.5
3.7.5
Связанные уязвимости
CVSS3: 5.4
nvd
больше 5 лет назад
In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.